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4 August 1977 


MEMORANDUM FOR: Director of Central Intellipence 


VIA 
FROM 


Acting Deputy Director of Central Intelligence 


Ernest J. Zellmer 
Acting Deputy Director for Science and Technology 


SUBJECT > IG Report on CIA Security Perfor alas 


1. 


25X1A 


We have informally reviewed subject IG report with 


the Inspector General and generally concur with its findings. 
We do believe that recommendation 4c requires further clarifica- 


tion. 


Recommendation 4c states: "The Office of Security should 


be given prime responsibility over enforcement of security 
standards prescribed for CIA contractors."" This recommendation 
could be interpreted in several ways. One, a responsibility to 
establish security policy, procedures and standards to include 

a role to ensure that all such standards are being met; and two, 
all of the above plus the day-to-day implementation dealing with 
industrial contractors on the multitude of decisions which affect 
Programmatic issues as well as security. This second interpreta- 
tion could result in fragmentation of contract management and 
would be of concern to DD/S&T. Our rationale, together with a 
revised statement for recommendation 4c is discussed below. 


yee 


DD/S§&T uses the Management Team concept to Support the 


Program Manager in directing a contract program. The Management 
Team consists of specialists to provide the technical, contractual/ 


legal, 


budget/finance, logistics, audit, communications, and 


security functions. The Security Officers for a Management Team 
are assigned to the DD/S&T by the DDA Office of Security. The 
Contract Officer, Budget and Finance Officer, Auditor, and 
Communications Officer are also assigned to the DD/S&T by the 
appropriate offices of the DDA. Thus, the DProerav Manager with 


direct 


line responsibility for a Darticular technical propram 


has the necessary expertise to properly and efficiently manage 
the contractor's activities. The contractor has one focal point 
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to deal with and receives coherent direction and support. 
Furthermore, the Program Manager is responsible for the Single 
legal enforcement tool available -- the contract which contains 
performance incentives and penalty clauses. (Note: Future 
contracts will require new language to provide the leverage 
needed to strengthen the Government's ability to enforce proper 
security). Contract management is a continuing set of tradeoffs 
Over the life of a contract. Such tradeoffs include technical 
solutions, schedules, and costs. Many tradeoffs also have 
Security implications which must be factored into the decisions. 
For example, tradeoff judgments may have to be made involving 
the technical requirements of a specific test program, the 
security restrictions that must be applied, and the costs of 
those activities. "Security by the Book" without specific 
tailoring to the test program could make it impossible to con- 
duct the testing. On the other hand, waiving some aspect of 
security in order to conduct the tests could result in blowing 
a sensitive development. Thus, there needs to be a day-to-day 
interaction between the Security Officer and the other elements 
of the Management Team to ensure program progress while main- 
taining proper security. 


3. For the above reasons, DD/S&T strongly believes that 
the Agency responsibility for implementing industrial security 
policy and procedures should remain a line function from the 
Program Manager to the contractor. To remove fron the Program 
Manager the responsibility for implementing industrial security 
(or one of the other essential elements of program management) 
would be detrimental to effective contract management and could 
result in several sources of directions to the contractor. 


4. DD/S&T agrees that the Office of Security should have 
full responsibility for establishing Agency security policy, 
procedures, and standards. This 0/S function should be 
strengthened as necessary to improve and clarify existing 
doctrine and regulations. The O/S also has the responsibility 
for industrial personnel security investigations and establish- 
it and navintainine elearances for diptesct sia: WCIS OTIC: "ahah et 
responsibility should continue and be Strengthened by incorpora- 
tion of polygraph procedures as recommended by the I.G. DD/S&T 
believes that the responsibility for implementation of 
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industrial security policy and procedures should remain a 
direct responsibility of the Program Manager supported by the 
security officer(s) on his Management Team. Stricter attention 
must be given to this responsibility by the Program Manager and 
contract documentation must be strengthened to enhance security 
control of contractors. To ensure proper implementation of 


security procedures by the Program Manager and by the contractors, 


DD/S&T recommends that 0/S be given a security audit responsibil- 
ity. <A separate Security audit team should be established in 0/S 
to conduct periodic announced and unannounced inspections of 
Program Management and the contractors. Thus, O/S could ensure 
that proper security standards are being maintained or could 
require corrective action through the Program Manager. This 
independent check on the implementation of security should reduce 
the risks encumbent in sensitive programs. 


5. DD/S&T recommends that recommendation 4c of the IG 
report be revised to read as follows: 


"The Office of Security should be given prime 
responsibility to ensure the enforcement of security 
Standards prescribed for CIA contractors. As one 
measure toward this end the Office of Security should 
establish a security audit unit to conduct industrial 

. Security inspections (announced and unannounced) of 
Program Management and of its contractors. Results of 
such audits should be provided to the Deputy Director 
of the component involved, the IG, the DDCI and the DCI." 


J. Zellmer 
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Deer : 
The purpose of this letter is to bring to your attention 
amatter of urgent importance to the national security inter- 
ests of this country, and to seek your assistance. 
Within the last few weeks, I have caused Surprise security 


inspections to be conducted at the facilities of Severe? major 


contractors engayed in the performence of contracts funded oa: 


ite! , 
ES 


administered by this Agency. The results heve been uniformity 
disappointing, and in some aspects appalling. In each 
instance, numerous and serious deficiencies were found to exist 
in the security programs of those contractors whose PS TEAS 
were surveyed. Putting aside the specifics, however, I belicves 
the larger point confirmed by these Surveys is that security 
has been treated as a distinctly secondary aspect of contrac? 
performance and that it has received only such atteation and 
~~; resources as may have been left over efter other tasks, evi. 
dently seen by the contractors involved as nore pressing, 
were ful rived. In most instances, it is en altitude of cheyet- 
ness thet leaves us vulnerabte ta Bo eG e- Oe Ae ve Pai ee 
be) Ve Ae tid bees a A Oh Grates ob Peewee . 
PME Sone TING eae Sea regard Secupr ey: as bedi 
of central importance in the performance of contracts funded or 


aduinistered by this Agency. waa lia Tl od “She aye aprdaty 
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contr ct would he of lesser value, and much of it would be of 
Tittle value, if it could not be performed in a secure manner 
and protected against unauchorized disclosure, whether deliber- 
ate or inadvertent, which I have the statutory obligation to 
prevent: | 

I am sure you will agree with me that there is no room for 
relaxed or casual approaches in this field, and that strict 
adherence to proper security procedures deserves a top manage- 
ment priority on a continuing basis to assure that risks of 
compromise are held to an absolute minimum. For my part, I have 
directed that the Agency add signifigantly to its industrial 
security staffing so as to suppert 2 is pregram of unannounced 
security audits. When and if ghch audits reveal Serer: dae: 
crepanctes, I will have to review sar neeeurces available to me 
to ensure security, including the witndrawal of security clear- 
ances from plants and/or individuals. “IT-have directed other 
initiatives as well, including the requirement that a contractor's 
security record and posture be taken into account when it comes 
to the ee of new contracts and more effective provisions 
within our contracts with aspect to security. 

I hope that you will join with me in my resolve to ‘bring 
about and maintain higher Vevels of conscisusness and higher 
standards of performance with regard te security aspects of Agcncy 
contracts. J] am counting on your cooperation. | 


Yours, 


wpe le 


STANSFIELD TURKER 
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